30c796bea4b68a84b23f0dd318290371314bf27b4f1ca78f8705afa96cca4030

Analysis

max time kernel
123s
max time network
150s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
10/10/2023, 22:42

Target

4052-356-0x00000000030F0000-0x0000000003221000-memory.dll
Size

1.2MB
MD5

6bc7f9bda688d4b6e82de76e1c95f089
SHA1

5507fc878b5831f3a67c5bb80aca176945f38529
SHA256

30c796bea4b68a84b23f0dd318290371314bf27b4f1ca78f8705afa96cca4030
SHA512

4e6c6084e2ceaf15134c565a88cad03f6d76bc6966c0ce32c5d29977da2964680a5b2e291064dd446ec1ed9180ef646ca14926319a967033bfaa450f0bc7eddb
SSDEEP

24576:3C7CI9TZDEWk1wCy0zaG9cQAO1ftxmbfYQJZKgiJ:7I99DEWVtQAOZmn0f

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2812 wrote to memory of 2680	2812	rundll32.exe	29
PID 2812 wrote to memory of 2680	2812	rundll32.exe	29
PID 2812 wrote to memory of 2680	2812	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4052-356-0x00000000030F0000-0x0000000003221000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2812
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2812 -s 56
  2⤵
  PID:2680